Today, in the information society, data encryption is essential, and encryption techniques are implemented in many devices such as smart cards. Encryption algorithms have become extremely strong, and breaking them directly takes massive time and labor. Therefore, it can be said that data is safe as long as it is encrypted.
However, side channel attacks against ciphers have recently become a large problem. A side channel attack is an attack in which, instead of directly breaking the encryption algorithm, an attacker obtains secondary information such as voltage waveforms or electromagnetic waves generated by a device during encryption or decryption processing and analyzes it to recover the secret key. This attack can succeed even against an encryption algorithm that is considered to be safe, if the algorithm is not appropriately implemented, and a further big problem is that it leaves no trace.
In differential power analysis (DPA), which is one of the side channel attacks, an attacker first obtains voltage waveforms for many input data. Then, the value of the secret key is estimated, and a selection function is determined at the same time. The obtained voltage waveforms are sorted into groups by using the determined selection function, and the sum of the waveforms of each group is obtained. If the estimated value of the secret key is correct, a peak appears in the waveforms. Therefore, whether or not the estimate is the correct secret key can be distinguished, and the secret key can be restored (for example, see Non-Patent Literature 1).
In order to prevent such side channel attacks, an effective method is to mask the values handled during encryption or decryption processing with a random number, which eliminates the correlation between those values and the secret key. Therefore, a circuit for generating random numbers is generally provided in addition to the encryption algorithm, and masking is carried out by using the random numbers generated by that circuit.
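The effect of masking on the selection-function grouping described above can be checked on simulated data. The following is an added example, not part of the original text; it assumes a constructed 8-bit key, an intermediate value of input XOR key, and a leakage model of Hamming weight plus Gaussian noise in place of measured voltage waveforms.

```python
import random

def hamming_weight(x: int) -> int:
    return bin(x).count("1")

def simulate_leakage(key: int, n: int, masked: bool, rng: random.Random):
    """Return constructed (input, leakage) pairs; leakage stands in for a waveform sample."""
    traces = []
    for _ in range(n):
        data = rng.randrange(256)
        value = data ^ key                 # key-dependent intermediate value
        if masked:
            value ^= rng.randrange(256)    # fresh random mask for every operation
        noise = rng.gauss(0.0, 1.0)        # assumed measurement noise
        traces.append((data, hamming_weight(value) + noise))
    return traces

def difference_of_means(traces, key: int, bit: int = 0) -> float:
    """Group traces by the selection function (one bit of data XOR key) and compare means."""
    groups = {0: [], 1: []}
    for data, leak in traces:
        groups[((data ^ key) >> bit) & 1].append(leak)
    return sum(groups[1]) / len(groups[1]) - sum(groups[0]) / len(groups[0])

def evaluate(key: int = 0x3C, n: int = 20000, seed: int = 1):
    """Evaluator's view: the key is known, so only the countermeasure is being tested."""
    rng = random.Random(seed)              # fixed seed keeps the run reproducible
    unmasked = difference_of_means(simulate_leakage(key, n, False, rng), key)
    masked = difference_of_means(simulate_leakage(key, n, True, rng), key)
    return unmasked, masked

if __name__ == "__main__":
    unmasked, masked = evaluate()
    print(f"difference of means, unmasked: {unmasked:+.3f}")
    print(f"difference of means, masked:   {masked:+.3f}")
```

Without masking the two groups differ by about one bit of Hamming weight, which is the peak; with a fresh mask per operation the difference falls into the noise. This covers only the first-order statistic that the text describes.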
Recently, various services using computers have been provided. In many services, encryption is used to keep communication secret. Moreover, the amount of digital data has recently increased rapidly, and, at the same time, the amount of data transmitted/received through networks has also increased rapidly. This data includes personal information, confidential information of companies, etc., and therefore has to be encrypted and safely transmitted/received. The most common encryption method is the symmetric-key encryption method, in which encryption/decryption is carried out with a single key. The symmetric-key encryption method is roughly divided into the block cipher method and the stream cipher method.
The former is the most commonly used method. However, the latter has recently drawn attention because of its excellent processing speed. The stream cipher is a stateful method in which encryption is carried out while updating an internal state (for example, see Non-Patent Literature 2).